commit 088c16befc277069488fa557d86570c78a22f419
author Fabien Sanglard <sanglardf@google.com> Thu Jan 19 11:13:20 2017 -0800
committer Feng Yu <feny@google.com> Wed Feb 15 01:59:37 2017 +0000
tree b04941d58dd7899ee8ab4791148d635529432ce4
parent b9c7a53b52f8714511a4743695511e6c86736c13

Fix security vulnerability

Test: hammerhead
Bug: 32628763
Change-Id: I19a81b63fffee8f323a5925c7e8633fbd640b91c
(cherry picked from commit 2ae83f4f628d4da96f363d0668380ba1f753b867)

services/surfaceflinger/SurfaceFlinger.cpp

diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index fdc3650..9c0305d 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -2134,8 +2134,7 @@
         if (s.client != NULL) {
             sp<IBinder> binder = IInterface::asBinder(s.client);
             if (binder != NULL) {
-                String16 desc(binder->getInterfaceDescriptor());
-                if (desc == ISurfaceComposerClient::descriptor) {
+                if (binder->queryLocalInterface(ISurfaceComposerClient::descriptor) != NULL) {
                     sp<Client> client( static_cast<Client *>(s.client.get()) );
                     transactionFlags |= setClientStateLocked(client, s.state);
                 }